Update ST NFC/SecureElement policies

Bug: 168875298
Bug: 160672745
Test: check no avc denial for nfc
Merged-In: I95885898a120e039dfd1916d8665566f40f6293e
Change-Id: I95885898a120e039dfd1916d8665566f40f6293e
diff --git a/vendor/google/file.te b/vendor/google/file.te
index 9d6186d..d82e7b1 100644
--- a/vendor/google/file.te
+++ b/vendor/google/file.te
@@ -23,7 +23,6 @@
 type debugfs_usb, debugfs_type, fs_type;
 type mediadrm_vendor_data_file, file_type, data_file_type;
 type diag_socket, file_type, mlstrustedobject;
-type ese_vendor_data_file, file_type, data_file_type;
 type debugfs_dma_buf, debugfs_type, fs_type;
 type debugfs_clk, debugfs_type, fs_type;
 type debugfs_pmic, debugfs_type, fs_type;
diff --git a/vendor/st/file_contexts b/vendor/st/file_contexts
index e469549..9a3ea7e 100644
--- a/vendor/st/file_contexts
+++ b/vendor/st/file_contexts
@@ -11,6 +11,5 @@
 
 ###################################
 # data files
-/data/vendor/ese(/.*)?                                                                u:object_r:ese_vendor_data_file:s0
 /data/nfc(/.*)?                                                                       u:object_r:nfc_data_file:s0
 
diff --git a/vendor/st/hal_nfc_default.te b/vendor/st/hal_nfc_default.te
index 66ce177..f98e78c 100644
--- a/vendor/st/hal_nfc_default.te
+++ b/vendor/st/hal_nfc_default.te
@@ -1,3 +1,9 @@
+# NFC property
+set_prop(hal_nfc_default, vendor_nfc_prop)
+
+# SecureElement property
+set_prop(hal_nfc_default, vendor_secure_element_prop)
+
 # Modem property
 set_prop(hal_nfc_default, vendor_modem_prop)
 
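Review bot: The added `set_prop(hal_nfc_default, vendor_secure_element_prop)` gives the NFC HAL write access to every `persist.vendor.se.` property, which is the SecureElement namespace, and nothing in the hunk says which key it needs to write. If the NFC HAL only reads SecureElement state, `get_prop(hal_nfc_default, vendor_secure_element_prop)` is the least-privilege form. If a write is required, the comment above the rule should name the property and the reason, e.g. `# SecureElement property: written by the NFC HAL because <reason>`, so a later audit can tell the cross-domain grant is intentional.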
diff --git a/vendor/st/hal_secure_element_default.te b/vendor/st/hal_secure_element_default.te
index 94b811d..84cde42 100644
--- a/vendor/st/hal_secure_element_default.te
+++ b/vendor/st/hal_secure_element_default.te
@@ -1,6 +1,7 @@
 allow hal_secure_element_default secure_element_device:chr_file rw_file_perms;
-allow hal_secure_element_default ese_vendor_data_file:dir create_dir_perms;
-allow hal_secure_element_default ese_vendor_data_file:file create_file_perms;
-allow hal_secure_element_default debugfs_ipc:dir search;
+allow hal_secure_element_default nfc_device:chr_file rw_file_perms;
+dontaudit hal_secure_element_default debugfs_ipc:dir search;
 set_prop(hal_secure_element_default, vendor_secure_element_prop)
-get_prop(hal_secure_element_default, vendor_modem_prop)
+set_prop(hal_secure_element_default, vendor_nfc_prop)
+set_prop(hal_secure_element_default, vendor_modem_prop)
+
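Review bot: `vendor_modem_prop` goes from `get_prop` to `set_prop` for `hal_secure_element_default`, so the SecureElement HAL can now write modem properties it could previously only read, and the commit message does not explain why. Unless a specific modem property must be written from this domain, keep `get_prop(hal_secure_element_default, vendor_modem_prop)`. The new `nfc_device:chr_file rw_file_perms` and `set_prop(hal_secure_element_default, vendor_nfc_prop)` rules are also uncommented; a line such as `# eSE is accessed through the NFC controller device node` (if that is the reason) would document why this HAL opens the NFC device. The `dontaudit` on `debugfs_ipc` also hides that denial from the "no avc denial" test in the commit message, which is presumably intended but worth stating in a comment.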
diff --git a/vendor/st/property.te b/vendor/st/property.te
index d070080..723121a 100644
--- a/vendor/st/property.te
+++ b/vendor/st/property.te
@@ -1 +1,2 @@
-type vendor_secure_element_prop, property_type;
+vendor_internal_prop(vendor_nfc_prop)
+vendor_internal_prop(vendor_secure_element_prop)
diff --git a/vendor/st/property_contexts b/vendor/st/property_contexts
index 01a12e4..c6cd8a4 100644
--- a/vendor/st/property_contexts
+++ b/vendor/st/property_contexts
@@ -1,4 +1,6 @@
 # SecureElement
 persist.vendor.se.                              u:object_r:vendor_secure_element_prop:s0
 
+# NFC
+persist.vendor.nfc.                             u:object_r:vendor_nfc_prop:s0
 
diff --git a/vendor/st/vendor_init.te b/vendor/st/vendor_init.te
new file mode 100644
index 0000000..abc7580
--- /dev/null
+++ b/vendor/st/vendor_init.te
@@ -0,0 +1,4 @@
+# NFC vendor property
+set_prop(vendor_init, vendor_nfc_prop)
+# SecureElement vendor property
+set_prop(vendor_init, vendor_secure_element_prop)